The LT Auditor MP dashboard is the main screen you see after logging in. It provides a real-time overview of activity across your monitored environment, giving administrators and analysts a quick way to spot unusual behavior, check system health, and navigate to more detailed views.
Dashboard overview:
The dashboard is organized into several key areas:
| Section | Description |
| Activity Trend | A graph showing audit event volume over time, helping identify spikes or drops in activity |
| Top Users | The most active users by event count across your monitored environment |
| Top Objects | The most frequently accessed or modified objects (files, directories, accounts) |
| Top Servers | The most active servers by event count |
| Top Operations | The most frequently occurring event types (e.g., logins, file reads, object modifications) |
| Alert Status | A summary of current open alerts requiring attention |
| Last Refresh | Timestamp showing when the dashboard data was last updated |
[Your administrator should add a labeled screenshot of the dashboard here to help users orient themselves.]
Navigating the dashboard:
The main navigation menu runs along the left side of the screen and provides access to all modules:
| Menu Item | Purpose |
| Home | Returns to the main dashboard |
| Manage | Create and manage audit filters and alert rules |
| View | Browse and search audit log data in real time |
| Report | Create, schedule, and generate reports |
| Configure | Set up receivers, transformation rules, and environments |
| Admin | Manage users, roles, system settings, and modules |
Customizing your dashboard view:
- Use the date range selector at the top of the dashboard to adjust the time period displayed
- Click on any metric or chart element to drill down into the underlying event data
- Use the environment selector (if available) to filter the dashboard to a specific monitored environment
- Click Refresh to manually update the dashboard with the latest data
Understanding the activity trend graph:
The activity trend graph displays event volume over the selected time period. Use it to:
- Identify spikes in activity that may indicate a security incident
- Spot drops in activity that may indicate a collection or connectivity issue
- Establish a baseline of normal activity in your environment over time
If you notice an unexpected spike or flatline, navigate to View to investigate the underlying events in more detail.
Switching between monitored environments:
If your deployment monitors multiple environments (e.g., Windows, eDirectory, Azure), you can switch between environment-specific dashboards:
- Navigate to the relevant environment from the dashboard or View menu
- The dashboard will update to reflect activity for the selected environment only
Best practices:
- Check the dashboard at the start of each shift or workday as a quick health check
- Investigate any alert notifications visible on the dashboard before moving on to other tasks
- Use the activity trend graph to establish a sense of normal traffic patterns โ this makes anomalies easier to spot over time
- If the Last Refresh timestamp is significantly behind the current time, check that all services and agents are running correctly